Displaying 20 results from an estimated 1000 matches similar to: "Multiple ISPs: How to force $FW traffic to a specific ISP (reprise)"
2006 Jan 31
24
Need help and advised
Hi folks
Im currently doin firewall project.. the scenario is like this.. my
application server open port number 3079 the server ip is 202.188.0.132. and
now the port can be accessed from everywhere. Now i want to block all the
everywhere accessed. But my problem is, the application will be accessed by
few locations that doing transaction with the application server. and the
said locations are
2006 Feb 06
6
(no subject)
We had a running ipsec shorewall system to all of our remote offices. We
added a dmz to the firewall and implemented proxy arp for that dmz. We have
checked everything two or three times and cannot figure out why the vpns
will no longer come up.
We are using shorewall version 2.2.3 from the debian stable sarge
distribution. We noticed the errata that for 2.0.0 there was a problem with
proxy
2006 Feb 11
6
Shorewall problems simple one i think!!
Hi all
well im using two interfaces.. e.g: eth0:202.188.9.2 is WAN and
eth1;192.168.1.1 is LAN.. when im in LAN let say from 192.168.1.9 i cant
open WAN IP address e.g: 202.188.9.2 .. why? how to set this?... i only can
open 192.168.1.1 .. if possible i want to have both accessable.. thanks
rgds
amir
2006 Jan 27
5
Advice please - best hardware/config to combine 3 ISPs
I want to build a robust firewall for a resort installation. The
resort''s telephony is entirely VOIP, asterisk based. We have the
following internet feeds:
1) 512/512 kb fixed bandwidth leased line with static IP from Telco-
primary connection, expensive, to use for VOIP, VPN traffic, mail
server, SSH access for remote work. Reliable.
2) 256/512 kb ADSL from Telco, not fixed IP -
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone!
I am using shorewall-3.0.5 on suse linux.
Recently we have implemented dansguardian running on 8080 and squid on
port 3128.
Previously (before dans guardian) masquerading was working fine but
after the implementation of dansguardian masquerading is not working.
My rules file has entry
Previous entry was
ACCEPT loc:192.192.192.3 net
REDIRECT loc 8080 tcp
2006 Feb 07
7
Masquerading issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Shorewall-3.0.3
RH9 (+legacy updates)
eth0: loc: 192.168.1.0/24
eth0:0: loc: 192.168.20.0/24
eth1:: 69.70.32.8/29
I''m worked all day on an issue I found today and I just can''t find a way
to fix my problem.
So, basically, for now, my network looks like this:
Internet
^
|
(69.70.32.8/29)
Firewall
192.168.1.1
2006 Feb 12
11
Local Network Can't Get Past Shorewall to the Internet
Greetings all,
I have just install Shorewall on a Debian system and
I''m using it as a firewall on an internal network.
The specifics of the system are as follows:
firewall:/var/log# shorewall version
3.0.4
firewall:/var/log# uname -a
Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST
2005 i586 GNU/Linux
Shorewall start successfully and $FW can connect to
the Internet for upgrading
2006 Jan 31
5
Traffic Shaping and Bridge
Hi All,
I''m using Shorewall 3.0.4 and I''m wondering if it is possible to do
traffic shapping on only one interface from a bridge.
The firewall has got 3 NIC, eth0, eth1, eth2.
eth0 and eth2 are bridged, but if I''m right, when you specify a traffic
rate for a link, you do it for the interface. In my case, eth0 and eth2
do not appear in the interface file, but it is
2006 Jan 29
1
Fwd: Re: Shorewall/Xen setup (correct from-address this time)
Rene apparently believes that I run a personal consulting service.
I don''t -- here is the response to my last post.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2007 Aug 30
28
Multi-Isp Masqerade ?
Mike Lander wrote:
> I am building a shorewall box that the last post has the SSH error and
> wanted
> some feedback from the list if possible. At first I thought the two ISP''s
> I
> building this
> for had two T-1''s with FQ ip''s as it. I have the box built for this ready
> to
> go.
> Now I find out that one of the T-1''s is
2006 Feb 10
4
Transparent http proxy
Hi all,
I''m trying to set up a transparent proxy with dansguardian, and running
into some strange issues with the squid setup without dansguardian. I have
used shorewall for quite some time, and I''m stumped as to why I can''t get
this to work. Here is a brief synopsis of my network.
loc --> gateway/firewall--> net
I have the following policies:
#firewall to
2007 Oct 26
10
Port problem.
Hello,
We have a video conference server using tcp and udp 3001 prot in internal,
external user said that can''t connect to video server and held on 3001 fail,
the following is file configuration,
nat: 1.2.3.4 eth1:3 192.168.0.18
rule: video/ACCEPT net loc:192.168.0.18
marco.video:
PARAM - - tcp 3000
PARAM - -
2013 Jan 08
4
Splunk Module Development Recommendations
Good morning,
We''ve been testing PE and beginning developing modules for our
infrastructure. One of the modules I''m looking to create is an installation
for Splunk, with the primary focus at this time, on the Forwarder. I
already have the splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb package
being fetched from the Master and also performing the installation via
dpkg. I
2011 Jul 05
24
Shorewall 4.4.21 RC 3
RC 3 is now available for testing.
Problems corrected:
1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands
previously used the setting of RSH_COMMAND and RCP_COMMAND from
/etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf).
These commands now use the .conf file in the current working
directory.
2) The new parameterized
2011 Jul 05
24
Shorewall 4.4.21 RC 3
RC 3 is now available for testing.
Problems corrected:
1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands
previously used the setting of RSH_COMMAND and RCP_COMMAND from
/etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf).
These commands now use the .conf file in the current working
directory.
2) The new parameterized
2007 Aug 15
8
Shorewall and printing problems in the LAN ( loc ) zone
Guys,
Just a quick check. From what i have read in the
shorewall site, intrazone traffic is allowed
completely by shorewall i.e. there is no filtering or
packet size limiting ,etc,etc.
I ask this becos after getting shorewall up and
running well, someone has complained that they cannot
print pdf files larger than 100k at one go but that
they have to print one page at a time.
Some details;
2007 Aug 24
13
Shorewall 3.4.x - Error when (re) starting - segmentation fault
Shorewall 3.4.6 running on SuSE Linux 10.2
Compiling Rule Activation...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Processing /etc/shorewall/params ...
Restarting Shorewall....
/sbin/shorewall: line 665: 6782 Segmentation fault
$SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
got this with V3.4.4, updated to 3.4.6 this morning, but that didn''t help.
2007 Aug 23
4
Monthly traffic limit
Hi Shorewall Users :)
I have found shorewall firewall and seems to be interesting.
I need to setup a configuration my my network users because i only have 50gb
of traffic per month.
I want to know if the shorewall can make a 48gb per month limit, but
everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count.
Can shorewall do that ?
--
Sem Mais
Rui Oliveira
351 - Portugal
2007 Oct 11
5
Web log viewer
Hi.
What system or software are you using to show the iptables log files
(for example the dropped packages tagged as LOG in the Shorewall
rules)?
Thank you very much!
Bye.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files
2007 Aug 20
6
have to restart shorewall after a dynamic IP change
Hi,
I''ve to restart shorewall when my dynamic IP was changed from my ISP.
Of course i can with a shell script do it automatically, but the
question is still there.. why ?
mess-mate
--
"I understand this is your first dead client," Sabian was saying. The
absurdity of the statement made me want to laugh but they don''t call me
Deadpan